Menlo Security released a report detailing three nation-state campaigns. These campaigns employed sophisticated techniques to target financial institutions (such as banking and insurance organizations), government agencies, legal firms and healthcare entities. The campaigns discussed in the report are LegalQloud, Eqooqp, and Boomer.
Patrick Tiquet, Vice President, Security & Architecture at Keeper Security, says, “Nation-state cyber actors are constantly refining their methods to make their attacks more sophisticated and adaptable. Case in point, the recently uncovered and highly advanced HEAT campaigns — LegalQloud, Eqooqp and Boomer — that employ sophisticated evasion techniques capable of bypassing Multi-Factor Authentication (MFA) and using Adversary in the Middle (AiTM) kits. These campaigns have already compromised over 40,000 high-value users across critical sectors like banking, finance, insurance, legal services, government and healthcare. The fact that well-resourced nation-state actors are involved highlights just how serious these threats are.”
The report emphasizes the evolving nature of these campaigns, bypassing traditional security measures.
“Bottom line is, you have to accept that some attacks will get through to your users and thus you must do your best to prepare them for that fateful moment,” states Mr. Mika Aalto, Co-Founder and CEO at Hoxhunt. “Security awareness and phishing training must keep pace with the latest threats so that people understand AitM and dynamic phishing, and they know how to spot these attacks and stay safe. These evasive techniques are fundamentally different from traditional static phishing attacks because they will intercept legitimate user traffic and deploy malware and malicious content that adjusts on-the-fly to the user’s context, making it very hard to identify. Despite this evolved tactic, users can stay safe if they understand that they must never let their guard down.”
As for the implications of the report, Callie Guenther, Senior Manager, Cyber Threat Research at Critical Start, says, “Menlo Security’s latest report validates and extends our previous findings on HEAT attacks. The detailed analysis of campaigns like LegalQloud, Eqooqp and Boomer highlights the advanced techniques used by nation-state actors and the critical need for adaptive and innovative cybersecurity measures. As attackers refine their methods, organizations must enhance their defenses with proactive, real-time security solutions and continuous monitoring strategies to counter these evolving threats effectively.”